Zombie computers used for crimes

Zombie computers used for crimes

Saturday, June 4th, 2011

About one in five home computers and one in 10 work computers have been taken over and used to conduct illegal activity, according to a University of Sydney cyber security expert.

One of Australia’s biggest cyber security vulnerabilities lies in un-patched systems, those which haven’t been updated with the latest defences from software providers, says Professor Michael Fry from the School of Information Technologies.

“These regular update requests can be a nuisance but are essential to stay ahead in the day to day battle against cyber crime,” he says, concurring with advice offered during National Cyber Security Awareness Week.

“Unpatched computers are vulnerable to becoming zombies, whereby they are taken over by a remote botmaster, incorporated into botnet networks and used for illegal activities such as issuing spam, phishing attacks and Distributed Denial of Service attacks.”

Professor Fry says there is a strong suspicion in cyber security circles that governments have used botnets to sabotage neighbouring countries’ IT systems. A new cyber security course to be taught at the University’s Centre for International Security Studies this month will look at Australia’s vulnerability to such attacks at both the national and organisational level.

The first of its type to be taught at an Australian university, the course will examine the threats faced in the cyber realm and how they impact the way we govern, do business and interact.

“Of course we need to understand the technical detail of cyber crime in order to keep ahead of the game but we want people to think more broadly about cyber security,” says CISS director Professor Alan Dupont.

“Cyber security is possibly the biggest security threat facing Australia and needs to be looked at from legal, ethical and strategic perspectives. We are stressing the importance of how cyber attacks are conducted, why and by whom, in order to enhance understanding of systems’ susceptibility to attacks.

“If we don’t get on top of this in a defensive sense, everything on a computer network is vulnerable to attack.”